What the vulnerability does
01Description
Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Custom Order Numbers for WooCommerce plugin through version 1.11.0 lacks proper authorization checks, allowing unauthenticated attackers to modify order data over the network. The vulnerability requires no user interaction and affects the integrity of order information. Site administrators should update to a version newer than 1.11.0 to prevent unauthorized order modifications.
What an attacker can do
03Attacker Capabilities
Modify WooCommerce order data without authentication.
Potential impact on your site
04Site Impact
Attackers can alter order numbers and related data, potentially disrupting order processing and customer records.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated